#0000 - Add Docker setup for MobSF with Traefik integration
Introduce Docker Compose configuration for MobSF, integrated with Traefik for domain management and basic auth. Enhanced documentation with installation and usage instructions, and added a template for environment variables.
This commit is contained in:
parent
28a877ec85
commit
f16ab2ab36
4 changed files with 99 additions and 1 deletions
5
.env.dist
Normal file
5
.env.dist
Normal file
|
@ -0,0 +1,5 @@
|
|||
# Fully Qualified Domain Name for MobSF
|
||||
MOBSF_FQDN='example.com'
|
||||
|
||||
# Basic Authentication credentials for MobSF in format USERNAME:PASSWORD
|
||||
MOBSF_BASIC_AUTH='USERNAME:PASSWORD'
|
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
.env
|
59
README.md
59
README.md
|
@ -1,2 +1,59 @@
|
|||
# mobsf
|
||||
# MobSF
|
||||
|
||||
## Introduction
|
||||
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis, and security assessment framework capable of performing static and dynamic analysis.
|
||||
|
||||
## Table of Contents
|
||||
|
||||
1. [Introduction](#introduction)
|
||||
2. [Prerequisites](#prerequisites)
|
||||
3. [Installation](#installation)
|
||||
4. [Usage](#usage)
|
||||
5. [Post-launch](#post-launch)
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- **Docker**: Make sure Docker is installed and running on your system.
|
||||
- **Docker Compose**: Docker Compose is required to orchestrate the container setup.
|
||||
- **Traefik Deployment**:
|
||||
- Deployed [Traefik standalone](https://git.van-hemmen.com/GuillaumeHemmen-DockerCompose-Infra/traefik-standalone) or
|
||||
- Deployed [Traefik Authelia](https://git.van-hemmen.com/GuillaumeHemmen-DockerCompose-Infra/traefik-authelia).
|
||||
|
||||
## Installation
|
||||
|
||||
1. Clone the repository:
|
||||
|
||||
```bash
|
||||
git clone https://git.van-hemmen.com/GuillaumeHemmen-DockerCompose-Infra/mobsf.git
|
||||
cd mobsf
|
||||
```
|
||||
|
||||
2. Copy the environment variable template:
|
||||
|
||||
```bash
|
||||
cp .env.dist .env
|
||||
```
|
||||
|
||||
3. Customize the `.env` file as necessary for your environment.
|
||||
|
||||
**Note**: You **must** define a basic authentication in `MOBSF_BASIC_AUTH` to protect your instance of MobSF.
|
||||
|
||||
## Usage
|
||||
|
||||
Start the MobSF service with Docker Compose:
|
||||
|
||||
```bash
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
Access MobSF by navigating to `https://<MOBSF_FQDN>` in your web browser. You will need to authenticate using the basic auth setup in your `.env` file.
|
||||
|
||||
## Post-launch
|
||||
|
||||
MobSF uses a fixed UID for the files persisted. To have the volume approach work, you must change the ownership of the data inside the volume as follows:
|
||||
|
||||
```bash
|
||||
docker run --rm -v mobsf_data:/vol alpine sh -c "chown --recursive 9901:9901 /vol"
|
||||
```
|
||||
|
||||
**Note**: The default volume name is assumed to be `mobsf_data`. Please adapt your command if it is different.
|
||||
|
|
35
docker-compose.yml
Normal file
35
docker-compose.yml
Normal file
|
@ -0,0 +1,35 @@
|
|||
networks:
|
||||
traefik_network:
|
||||
external: true
|
||||
|
||||
volumes:
|
||||
data:
|
||||
|
||||
services:
|
||||
website:
|
||||
image: opensecurity/mobile-security-framework-mobsf:latest
|
||||
networks:
|
||||
- traefik_network
|
||||
labels:
|
||||
- "traefik.docker.network=traefik_network"
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.mobsf.rule=Host(`${MOBSF_FQDN}`)"
|
||||
- "traefik.http.routers.mobsf.entrypoints=websecure"
|
||||
- "traefik.http.routers.mobsf.tls.certresolver=myresolver"
|
||||
- "traefik.http.routers.mobsf.middlewares=mobsf-auth"
|
||||
- "traefik.http.services.mobsf.loadbalancer.server.port=8000"
|
||||
- "traefik.http.middlewares.mobsf-auth.basicauth.users=${MOBSF_BASIC_AUTH}"
|
||||
environment:
|
||||
USE_HOME: /MobSF
|
||||
volumes:
|
||||
- data:/home/mobsf/.MobSF
|
||||
deploy:
|
||||
replicas: 1
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
delay: 5s
|
||||
max_attempts: 3
|
||||
window: 120s
|
||||
resources:
|
||||
limits:
|
||||
memory: 3G
|
Loading…
Reference in a new issue